summaryrefslogtreecommitdiffstats
path: root/openecomp-be
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2021-11-29 17:42:02 +0000
committerMichael Morris <michael.morris@est.tech>2021-12-07 09:30:30 +0000
commit987fc74925dc4051f08913393924d2b826d7e59c (patch)
tree50ed0e7ee1e9105af8fc8190aac4ac660ba6aa4c /openecomp-be
parent5c9d068e66264be8db6018cb551db7c05e8e2596 (diff)
Fix vulnerable dependency
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3795 Change-Id: Ib6f7902b2f8380ad9febcc2fad0374e8070af15c
Diffstat (limited to 'openecomp-be')
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml11
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml1
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/pom.xml6
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile12
-rw-r--r--openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile6
-rw-r--r--openecomp-be/lib/openecomp-common-lib/pom.xml1
-rw-r--r--openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml6
-rw-r--r--openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml1
-rw-r--r--openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml2
-rw-r--r--openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml6
-rw-r--r--openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml6
17 files changed, 81 insertions, 13 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml
index 8deb9c8ed4..081e2c9502 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml
@@ -82,6 +82,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml
index 8336672b3f..dcdf931201 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml
@@ -86,6 +86,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml
index d2584124a6..0d6a2e605c 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml
@@ -32,6 +32,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
index 8765d6618c..76185540c6 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
@@ -178,6 +178,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml
index 6a6977b89f..6df2adf80b 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml
@@ -86,6 +86,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml
index 0a3a1b32b0..448d62bd64 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml
@@ -65,6 +65,12 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml
index 49c4be2e4a..d111164697 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml
@@ -82,6 +82,17 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ <version>${httpcore.version}</version>
</dependency>
<!-- Java Stuff -->
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml
index 0ba0a9ceb0..181c28975c 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml
@@ -116,6 +116,7 @@
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
index 39c663269e..d3095b1db7 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
+++ b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
@@ -23,6 +23,12 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-crypto</artifactId>
<version>1.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>net.java.dev.jna</groupId>
+ <artifactId>jna</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
index c3f3a757ac..f8d33d0248 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
@@ -1,4 +1,4 @@
-FROM onap/integration-java11:8.0.0
+FROM onap/integration-java11:9.0.0
USER root
ARG JETTY_FOLDER=/app/jetty
@@ -13,12 +13,7 @@ RUN set -ex && \
libffi-dev \
libxml2-dev \
libressl-dev && \
- gem install \
- chef:13.8.5 \
- berkshelf:6.3.1 \
- io-console:0.4.6 \
- etc webrick \
- --no-document && \
+ gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 etc webrick --no-document && \
gem cleanup && \
apk update
@@ -32,12 +27,11 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
#Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.31.v20200723/jetty-distribution-9.4.31.v20200723.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.41.v20210516/jetty-distribution-9.4.41.v20210516.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml
-
COPY --chown=onap:onap chef-solo $JETTY_FOLDER/chef-solo/
COPY --chown=onap:onap chef-repo/cookbooks $JETTY_FOLDER/chef-solo/cookbooks/
ADD --chown=onap:onap onboarding-be-*.war $JETTY_FOLDER/webapps/
diff --git a/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile
index af87d3db34..a30cb461d1 100644
--- a/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile
+++ b/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile
@@ -1,8 +1,6 @@
-FROM onap/policy-jdk-debian:2.0.1
+FROM onap/policy-jdk-debian:2.0.2
-#RUN addgroup --gid 1000 sdc
RUN addgroup sdc
-#RUN adduser --gecos "sdc sdc,1,1,1" -u 1000 --disabled-password --ingroup sdc --shell /bin/sh sdc
RUN adduser --gecos "sdc sdc,1,1,1" --disabled-password --ingroup sdc --shell /bin/sh sdc
USER sdc
RUN mkdir ~/.cassandra/ && \
@@ -11,11 +9,13 @@ RUN mkdir ~/.cassandra/ && \
USER root
RUN apt-get update --allow-releaseinfo-change && apt-get install -y python-pip && \
+ python -m pip install --upgrade pip \
pip install cqlsh && \
mkdir ~/.cassandra/ && \
echo '[cql]' > ~/.cassandra/cqlshrc && \
echo 'version=3.4.4' >> ~/.cassandra/cqlshrc && \
set -ex && \
+ python -m pip install --upgrade pip \
pip install cqlsh && \
apt-get install -y \
make \
diff --git a/openecomp-be/lib/openecomp-common-lib/pom.xml b/openecomp-be/lib/openecomp-common-lib/pom.xml
index e880b547c7..3cd75a20b3 100644
--- a/openecomp-be/lib/openecomp-common-lib/pom.xml
+++ b/openecomp-be/lib/openecomp-common-lib/pom.xml
@@ -33,6 +33,7 @@
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
diff --git a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
index 7569267c1a..d8f28d83f8 100644
--- a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
+++ b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
@@ -98,6 +98,12 @@
<artifactId>common-app-api</artifactId>
<version>${project.version}</version>
<scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
diff --git a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml
index ef2a9d170c..033fb31fad 100644
--- a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml
@@ -26,6 +26,7 @@
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
diff --git a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml
index a5e1eae19e..475ce54d49 100644
--- a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml
@@ -36,7 +36,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.3.1</version>
+ <version>${gson.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
diff --git a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml
index af981b3d3b..3935875d0e 100644
--- a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml
@@ -62,6 +62,12 @@
<artifactId>httpclient</artifactId>
<version>${http.client.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
diff --git a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml
index af26b68ec2..e10a9698fd 100644
--- a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml
@@ -99,6 +99,12 @@
<artifactId>httpmime</artifactId>
<version>${httpclient.version}</version>
<scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>